CVE-2025-34186

Severity CVSS v4.0:
CRITICAL
Type:
CWE-78 OS Command Injections
Publication date:
16/09/2025
Last modified:
17/09/2025

Description

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.